debian_setup_tools/deb_linode.sh

62 lines
1.5 KiB
Bash
Raw Normal View History

2023-08-18 22:33:43 -04:00
#!/usr/bin/env sh
set -e
# Make sure we can connect to apt repos
apt-get update
# Networking & Firewall
2023-09-11 18:32:52 -04:00
apt-get -y install network-manager netcat-openbsd rsync curl wget ufw \
whois net-tools network-manager-openvpn sipcalc ifupdown- connman- \
cmst- netcat-traditional-
2023-08-18 22:33:43 -04:00
if [ -w /etc/network/interfaces ]; then
mv /etc/network/interfaces /etc/network/interfaces.OLD
touch /etc/network/interfaces
fi
# Can only give ufw one arg at a time...
for service in mdns dhcpv6-client; do
ufw allow $service
done
ufw limit ssh
ufw --force enable
# Disallow root login via ssh
2023-09-11 18:32:52 -04:00
echo 'PermitRootLogin no' > /etc/ssh/sshd_config.d/permit_root_login.conf
2023-08-18 22:33:43 -04:00
systemctl restart sshd
# Make sure NetworkMangler is doing its thing
systemctl restart NetworkManager NetworkManager-wait-online
nmcli device set eth0 managed true
nmcli connection modify Wired\ connection\ 1 ipv6.addr-gen-mode eui64
# Pause here til it's good or it won't make it much further
until nc -w 5 -z mirror.swagg.net 80; do
echo "Couldn't ping SwaggNet... Trying again in 5 seconds..."
sleep 5
done
# AppArmor (disable for now)
cat > /etc/default/grub.d/apparmor.cfg <<'EOF'
GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"
EOF
update-grub
# Logging
apt-get -y install rsyslog
if [ -d /var/log/journal ]; then
rm -rf /var/log/journal
fi
# Various things
apt-get -y install unifont bsdgames fortune-mod fortunes-bofh-excuses \
fortunes-mario fortunes fortunes-min neofetch screen apt-file \
2023-09-11 18:32:52 -04:00
htop iftop gcal
2023-08-18 22:33:43 -04:00
apt-file update